Re: Limit access to serial link to four users [7:33306]
Interesting problem. I think that I would look at QoS options or an application layer solution. Perhaps CAR configured for a maximum rate that would force the application to not have sufficient B/W on the path? --- Darrell Newcomb wrote: > I try not to use the below logic on my networks, but > have also never had > it fail to deliver service when there was no other > choice. > > The common streaming of windows media and real have > such large client > side buffers that you'll find you can seemingly > overload the link > without having any user observable qualitative > difference. Some factors > which contribute even more to the success of > overloading are the bit > rate varies as the encoders don't always output the > maximum data rate. > The fact that most streams on the public internet > are short lived, the > standard buffers can cover the end of the stream the > user is still > viewing leaving capacity for other streams to go > through their peak > startup period. The traditional stat muxing factors > come into play > where depending upon the application there is some > downcycle in > streaming usage in the workflow. You only need a > 2.5:1 to get 300kbps > streams through uncongested. > > Lastly I think you are approaching the wrong > problem. Non streaming > uses for the same 2Mbps link will be the big enemy > of predictably good > streaming performance. Your application may even be > one of those by > downloading other supporting data... > > To more directly approach the problem space you > posed: > -There is xauth in pixOS and I believe IOS NAT > -Couple that with a creative authentication server, > or script to control > it > -The above should get you the max number of sessions > through. > -Can't recall the reflexive access lists with CAR > ball of wax off the > top of my head. But there is some per-session rate > limiting in cisco. > > There are various rate limiting equipment out there. > Riverstone has > good affordable routers for this, Netscreen claims > to do it(haven't used > them yet), and Packeteer also does this type of > thing. There is more > but I believe them to be the notables. > > There are proxy and/or cache products which would > address the max number > of sessions issue and maybe address the usage > pattern you have. > > Not that I'd recommend this, but if your application > and rest of the > network path can adequately support forcing the > streams over a tcp > session you'll probably find it much easier to deal > with the rate > limiting. But really try to handle it without > forcing tcp as any > backoffs will hurt the qualitative performance if > there are other > signficant numbers of tcps over any congested > link.(read: IME(nee > opinion) tcp will backoff quicker than a given > streaming protocol) > > Good Luck, > Darrell (always looking for contract work) Newcomb > > Gaz wrote: > > > > Hi all, > > > > I'm after some ideas if you'd be so kind :-) > > > > A 2Mb link being used mainly for streaming media > has about 15 potential > > users. The task is to limit the number of users at > any one time to four, so > > they have half a Mb each (ish). > > > > My initial idea, which I must admit, I dont think > is such a good one is to > > set up a NAT pool of four addresses, and drag the > translation timeout down > > to about a minute (yet to be tested), so that the > first four users to pass > > traffic will be translated and allowed through, > but after that, they'll > have > > to wait. > > > > I'm off to look at something like TACACS to see if > I can control network > > authorization by number of users (shot in the > dark). > > > > No equipment in place yet, so we have a clean > drawing board. > > > > Anybody have any neat ideas please!! > > > > Thanks, > > > > Gaz [EMAIL PROTECTED] = Robert Padjen __ Do You Yahoo!? Great stuff seeking new owners in Yahoo! Auctions! http://auctions.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=33818&t=33306 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Limit access to serial link to four users [7:33306]
Thanks for your comments ideas. One thing - I'm under the impression that the Translation timeout is a sliding window (ie the counter starts when the translation ceases to pass traffic), so wouldn't kick a user until he'd been idle for 60 seconds. Still need to test this, but for some reason I've always had that stuck in my mind. Cheers, Gaz ""Joseph Brunner"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > see comments below > > -Original Message- > From: Gaz [mailto:[EMAIL PROTECTED]] > Sent: Saturday, January 26, 2002 3:51 PM > To: [EMAIL PROTECTED] > Subject: Limit access to serial link to four users [7:33306] > > > >Hi all, > > >I'm after some ideas if you'd be so kind :-) > > >A 2Mb link being used mainly for streaming media has about 15 potential > >users. The task is to limit the number of users at any one time to four, so > >they have half a Mb each (ish). > > All 15 @ once may be able to watch this stream. you should run a test to > determine if this is a 300kbps, (DSL cable stream) or a 150Kbps "T-1" > stream. if you go to Abcnews.com or somesites to watch video, they > expect corporate users to choose a T-1 stream, because they run on a > business line which is not exclusively for the streaming. > > What I would do is ask people to choose the lower res stream, and enforce > this with an aggresive car / traffic shaping policy. It would be nice > if this stream uses layer 4 characteristics which will make it easy to > classify and apply policy to, however assuming it uses a protocol you > don't wish to delay (like tcp 80, http), you can always use car to limit > per ip bandwidth for your 15 potential users, this would easiest if their > ip's were in a neat little /28 range) > > > >My initial idea, which I must admit, I dont think is such a good one is to > >set up a NAT pool of four addresses, and drag the translation timeout down > >to about a minute (yet to be tested), so that the first four users to pass > >traffic will be translated and allowed through, but after that, they'll > have > >to wait. > > this can work.. however every minute it would get kicked.. not cool if the > stream is long. (you can make sure the potential users are in a specific > range > and then make a route map, keeping the hosts in their own nat pool, unless > your potential users are your only users. > > >I'm off to look at something like TACACS to see if I can control network > >authorization by number of users (shot in the dark). > > >No equipment in place yet, so we have a clean drawing board. > > >Anybody have any neat ideas please!! > > > Thanks, > > Gaz Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=33579&t=33306 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Limit access to serial link to four users [7:33306]
Darrell, As you put so much work in to reply I'll post it myself. The formatting has been lost in cut and paste but info all there. Thanks for your help. I have plenty of ideas to be reading up on. Thanks, Gaz -Original Message- From: Darrell Newcomb Sent: 27 January 2002 18:29 To: Gaz Subject: [Fwd: Re: Limit access to serial link to four users [7:33306]] Every attempt to send this to the group has failed so I'll just send it to you. I used to be able to post without a problem so I don't know what's happening. Hope this is of some use. Original Message ---- Subject: Re: Limit access to serial link to four users [7:33306] Date: Sat, 26 Jan 2002 14:48:12 -0800 From: Darrell Newcomb Newsgroups: groupstudy.cisco References: I try not to use the below logic on my networks, but have also never had it fail to deliver service when there was no other choice. The common streaming of windows media and real have such large client side buffers that you'll find you can seemingly overload the link without having any user observable qualitative difference. Some factors which contribute even more to the success of overloading are the bit rate varies as the encoders don't always output the maximum data rate. The fact that most streams on the public internet are short lived, the standard buffers can cover the end of the stream the user is still viewing leaving capacity for other streams to go through their peak startup period. The traditional stat muxing factors come into play where depending upon the application there is some downcycle in streaming usage in the workflow. You only need a 2.5:1 to get 300kbps streams through uncongested. Lastly I think you are approaching the wrong problem. Non streaming uses for the same 2Mbps link will be the big enemy of predictably good streaming performance. Your application may even be one of those by downloading other supporting data... To more directly approach the problem space you posed: -There is xauth in pixOS and I believe IOS as well -Couple that with a creative authentication server, or script to control it -The above should get you the max number of sessions through. -Can't recall the reflexive access lists with CAR ball of wax off the top of my head. But there is some per-session rate limiting in cisco. There are various rate limiting equipment out there. Riverstone has good affordable routers for this, Netscreen claims to do it(haven't used them yet), and Packeteer also does this type of thing. There is more but I believe them to be the notables. There are proxy and/or cache products which would address the max number of sessions issue and maybe address the usage pattern you have. Not that I'd recommend this, but if your application and rest of the network path can adequately support forcing the streams over a tcp session you'll probably find it much easier to deal with the rate limiting. But really try to handle it without forcing tcp as any backoffs will hurt the qualitative performance if there are other signficant numbers of tcps over any congested link.(read: IME(nee opinion) tcp will backoff quicker than a given streaming protocol) Good Luck, Darrell (always looking for contract work) Newcomb [EMAIL PROTECTED] Gaz wrote: > > Hi all, > > I'm after some ideas if you'd be so kind :-) > > A 2Mb link being used mainly for streaming media has about 15 > potential users. The task is to limit the number of users at any one > time to four, so they have half a Mb each (ish). > > My initial idea, which I must admit, I dont think is such a good one > is to set up a NAT pool of four addresses, and drag the translation > timeout down to about a minute (yet to be tested), so that the first > four users to pass traffic will be translated and allowed through, but > after that, they'll have to wait. > > I'm off to look at something like TACACS to see if I can control > network authorization by number of users (shot in the dark). > > No equipment in place yet, so we have a clean drawing board. > > Anybody have any neat ideas please!! > > Thanks, > > Gaz ""Darrell Newcomb"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > If all of my responses get through this will be embarassing. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=33385&t=33306 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Limit access to serial link to four users [7:33306]
Hmm the last one made it I try not to use the below logic on my networks, but have also never had it fail to deliver service when there was no other choice. The common streaming of windows media and real have such large client side buffers that you'll find you can seemingly overload the link without having any user observable qualitative difference. Some factors which contribute even more to the success of overloading are the bit rate varies as the encoders don't always output the maximum data rate. The fact that most streams on the public internet are short lived, the standard buffers can cover the end of the stream the user is still viewing leaving capacity for other streams to go through their peak startup period. The traditional stat muxing factors come into play where depending upon the application there is some downcycle in streaming usage in the workflow. You only need a 2.5:1 to get 300kbps streams through uncongested. Lastly I think you are approaching the wrong problem. Non streaming uses for the same 2Mbps link will be the big enemy of predictably good streaming performance. Your application may even be one of those by downloading other supporting data... To more directly approach the problem space you posed: -There is xauth in pixOS and I believe IOS NAT -Couple that with a creative authentication server, or script to control it -The above should get you the max number of sessions through. -Can't recall the reflexive access lists with CAR ball of wax off the top of my head. But there is some per-session rate limiting in cisco. There are various rate limiting equipment out there. Riverstone has good affordable routers for this, Netscreen claims to do it(haven't used them yet), and Packeteer also does this type of thing. There is more but I believe them to be the notables. There are proxy and/or cache products which would address the max number of sessions issue and maybe address the usage pattern you have. Not that I'd recommend this, but if your application and rest of the network path can adequately support forcing the streams over a tcp session you'll probably find it much easier to deal with the rate limiting. But really try to handle it without forcing tcp as any backoffs will hurt the qualitative performance if there are other signficant numbers of tcps over any congested link.(read: IME(nee opinion) tcp will backoff quicker than a given streaming protocol) Good Luck, Darrell (always looking for contract work) Newcomb [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=33319&t=33306 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Limit access to serial link to four users [7:33306]
I try not to use the below logic on my networks, but have also never had it fail to deliver service when there was no other choice. The common streaming of windows media and real have such large client side buffers that you'll find you can seemingly overload the link without having any user observable qualitative difference. Some factors which contribute even more to the success of overloading are the bit rate varies as the encoders don't always output the maximum data rate. The fact that most streams on the public internet are short lived, the standard buffers can cover the end of the stream the user is still viewing leaving capacity for other streams to go through their peak startup period. The traditional stat muxing factors come into play where depending upon the application there is some downcycle in streaming usage in the workflow. You only need a 2.5:1 to get 300kbps streams through uncongested. Lastly I think you are approaching the wrong problem. Non streaming uses for the same 2Mbps link will be the big enemy of predictably good streaming performance. Your application may even be one of those by downloading other supporting data... To more directly approach the problem space you posed: -There is xauth in pixOS and I believe IOS as well -Couple that with a creative authentication server, or script to control it -The above should get you the max number of sessions through. -Can't recall the reflexive access lists with CAR ball of wax off the top of my head. But there is some per-session rate limiting in cisco. There are various rate limiting equipment out there. Riverstone has good affordable routers for this, Netscreen claims to do it(haven't used them yet), and Packeteer also does this type of thing. There is more but I believe them to be the notables. There are proxy and/or cache products which would address the max number of sessions issue and maybe address the usage pattern you have. Not that I'd recommend this, but if your application and rest of the network path can adequately support forcing the streams over a tcp session you'll probably find it much easier to deal with the rate limiting. But really try to handle it without forcing tcp as any backoffs will hurt the qualitative performance if there are other signficant numbers of tcps over any congested link.(read: IME(nee opinion) tcp will backoff quicker than a given streaming protocol) Good Luck, Darrell (always looking for contract work) Newcomb [EMAIL PROTECTED] Gaz wrote: > > Hi all, > > I'm after some ideas if you'd be so kind :-) > > A 2Mb link being used mainly for streaming media has about 15 potential > users. The task is to limit the number of users at any one time to four, so > they have half a Mb each (ish). > > My initial idea, which I must admit, I dont think is such a good one is to > set up a NAT pool of four addresses, and drag the translation timeout down > to about a minute (yet to be tested), so that the first four users to pass > traffic will be translated and allowed through, but after that, they'll have > to wait. > > I'm off to look at something like TACACS to see if I can control network > authorization by number of users (shot in the dark). > > No equipment in place yet, so we have a clean drawing board. > > Anybody have any neat ideas please!! > > Thanks, > > Gaz Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=33317&t=33306 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Limit access to serial link to four users [7:33306]
I try not to use the below logic on my networks, but have also never had it fail to deliver service when there was no other choice. The common streaming of windows media and real have such large client side buffers that you'll find you can seemingly overload the link without having any user observable qualitative difference. Some factors which contribute even more to the success of overloading are the bit rate varies as the encoders don't always output the maximum data rate. The fact that most streams on the public internet are short lived, the standard buffers can cover the end of the stream the user is still viewing leaving capacity for other streams to go through their peak startup period. The traditional stat muxing factors come into play where depending upon the application there is some downcycle in streaming usage in the workflow. You only need a 2.5:1 to get 300kbps streams through uncongested. Lastly I think you are approaching the wrong problem. Non streaming uses for the same 2Mbps link will be the big enemy of predictably good streaming performance. Your application may even be one of those by downloading other supporting data... To more directly approach the problem space you posed: -There is xauth in pixOS and I believe IOS as well -Couple that with a creative authentication server, or script to control it -The above should get you the max number of sessions through. -Can't recall the reflexive access lists with CAR ball of wax off the top of my head. But there is some per-session rate limiting in cisco. There are various rate limiting equipment out there. Riverstone has good affordable routers for this, Netscreen claims to do it(haven't used them yet), and Packeteer also does this type of thing. There is more but I believe them to be the notables. There are proxy and/or cache products which would address the max number of sessions issue and maybe address the usage pattern you have. Not that I'd recommend this, but if your application and rest of the network path can adequately support forcing the streams over a tcp session you'll probably find it much easier to deal with the rate limiting. But really try to handle it without forcing tcp as any backoffs will hurt the qualitative performance if there are other signficant numbers of tcps over any congested link.(read: IME(nee opinion) tcp will backoff quicker than a given streaming protocol) Good Luck, Darrell (always looking for contract work) Newcomb [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=0&t=33306 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Limit access to serial link to four users [7:33306]
I try not to use the below logic on my networks, but have also never had it fail to deliver service when there was no other choice. The common streaming of windows media and real have such large client side buffers that you'll find you can seemingly overload the link without having any user observable qualitative difference. Some factors which contribute even more to the success of overloading are the bit rate varies as the encoders don't always output the maximum data rate. The fact that most streams on the public internet are short lived, the standard buffers can cover the end of the stream the user is still viewing leaving capacity for other streams to go through their peak startup period. The traditional stat muxing factors come into play where depending upon the application there is some downcycle in streaming usage in the workflow. You only need a 2.5:1 to get 300kbps streams through uncongested. Lastly I think you are approaching the wrong problem. Non streaming uses for the same 2Mbps link will be the big enemy of predictably good streaming performance. Your application may even be one of those by downloading other supporting data... To more directly approach the problem space you posed: -There is xauth in pixOS and I believe IOS NAT -Couple that with a creative authentication server, or script to control it -The above should get you the max number of sessions through. -Can't recall the reflexive access lists with CAR ball of wax off the top of my head. But there is some per-session rate limiting in cisco. There are various rate limiting equipment out there. Riverstone has good affordable routers for this, Netscreen claims to do it(haven't used them yet), and Packeteer also does this type of thing. There is more but I believe them to be the notables. There are proxy and/or cache products which would address the max number of sessions issue and maybe address the usage pattern you have. Not that I'd recommend this, but if your application and rest of the network path can adequately support forcing the streams over a tcp session you'll probably find it much easier to deal with the rate limiting. But really try to handle it without forcing tcp as any backoffs will hurt the qualitative performance if there are other signficant numbers of tcps over any congested link.(read: IME(nee opinion) tcp will backoff quicker than a given streaming protocol) Good Luck, Darrell (always looking for contract work) Newcomb Gaz wrote: > > Hi all, > > I'm after some ideas if you'd be so kind :-) > > A 2Mb link being used mainly for streaming media has about 15 potential > users. The task is to limit the number of users at any one time to four, so > they have half a Mb each (ish). > > My initial idea, which I must admit, I dont think is such a good one is to > set up a NAT pool of four addresses, and drag the translation timeout down > to about a minute (yet to be tested), so that the first four users to pass > traffic will be translated and allowed through, but after that, they'll have > to wait. > > I'm off to look at something like TACACS to see if I can control network > authorization by number of users (shot in the dark). > > No equipment in place yet, so we have a clean drawing board. > > Anybody have any neat ideas please!! > > Thanks, > > Gaz Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=33308&t=33306 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Limit access to serial link to four users [7:33306]
see comments below -Original Message- From: Gaz [mailto:[EMAIL PROTECTED]] Sent: Saturday, January 26, 2002 3:51 PM To: [EMAIL PROTECTED] Subject: Limit access to serial link to four users [7:33306] >Hi all, >I'm after some ideas if you'd be so kind :-) >A 2Mb link being used mainly for streaming media has about 15 potential >users. The task is to limit the number of users at any one time to four, so >they have half a Mb each (ish). All 15 @ once may be able to watch this stream. you should run a test to determine if this is a 300kbps, (DSL cable stream) or a 150Kbps "T-1" stream. if you go to Abcnews.com or somesites to watch video, they expect corporate users to choose a T-1 stream, because they run on a business line which is not exclusively for the streaming. What I would do is ask people to choose the lower res stream, and enforce this with an aggresive car / traffic shaping policy. It would be nice if this stream uses layer 4 characteristics which will make it easy to classify and apply policy to, however assuming it uses a protocol you don't wish to delay (like tcp 80, http), you can always use car to limit per ip bandwidth for your 15 potential users, this would easiest if their ip's were in a neat little /28 range) >My initial idea, which I must admit, I dont think is such a good one is to >set up a NAT pool of four addresses, and drag the translation timeout down >to about a minute (yet to be tested), so that the first four users to pass >traffic will be translated and allowed through, but after that, they'll have >to wait. this can work.. however every minute it would get kicked.. not cool if the stream is long. (you can make sure the potential users are in a specific range and then make a route map, keeping the hosts in their own nat pool, unless your potential users are your only users. >I'm off to look at something like TACACS to see if I can control network >authorization by number of users (shot in the dark). >No equipment in place yet, so we have a clean drawing board. >Anybody have any neat ideas please!! Thanks, Gaz Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=33313&t=33306 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Limit access to serial link to four users [7:33306]
This didn't seem to post earlier I try not to use the following on my networks, but have also never had it fail to deliver service when there was no other choice. The common streaming of windows media and real have such large client side buffers that you'll find you can seemingly overload the link without having any user observable qualitative difference. Some factors which contribute even more to the success of overloading are the bit rate varies as the encoders don't always output the maximum data rate. The fact that most streams on the public internet are short lived, the standard buffers can cover the end of the stream the user is still viewing leaving capacity for other streams to go through their peak startup period. The traditional stat muxing factors come into play where depending upon the application there is some downcycle in streaming usage in the workflow. You only need a 2.5:1 to get "300"kbps streams through uncongested. Lastly I think you are approaching the wrong problem. Non streaming uses for the same 2Mbps link will be the big enemy of predictably good streaming performance. Your application may even be one of those by downloading other supporting data... Now to more directly approach the problem space you posed: -There is xauth in pixOS and I believe IOS NAT -Couple that with a creative authentication server, or script to control it -The above should get you the max number of sessions through. -Can't recall the reflexive access lists with CAR ball of wax off the top of my head. But there is some per-session rate limiting in cisco. There are various rate limiting equipment out there. Riverstone has good affordable routers for this, Netscreen claims to do it(haven't used them yet), and Packeteer also does this type of thing. There is more but I believe them to be the notables. There are proxy and/or cache products which would address the max number of sessions issue and maybe address the usage pattern you have. Not that I'd recommend this, but if your application and rest of the network path can adequately support forcing the streams over a tcp session you'll probably find it much easier to deal with the rate limiting. But really try to handle it without forcing tcp as any backoffs will hurt the qualitative performance if there are other signficant numbers of tcps over any congested link. Basically that should read that in my experience tcp will backoff quicker than a given streaming protocol and that definately FASTER than common streams. Good Luck, Darrell (always looking for contract work) Newcomb [EMAIL PROTECTED] Gaz wrote: > > Hi all, > > I'm after some ideas if you'd be so kind :-) > > A 2Mb link being used mainly for streaming media has about 15 > potential > users. The task is to limit the number of users at any one time > to four, so > they have half a Mb each (ish). > > My initial idea, which I must admit, I dont think is such a > good one is to > set up a NAT pool of four addresses, and drag the translation > timeout down > to about a minute (yet to be tested), so that the first four > users to pass > traffic will be translated and allowed through, but after that, > they'll have > to wait. > > I'm off to look at something like TACACS to see if I can > control network > authorization by number of users (shot in the dark). > > No equipment in place yet, so we have a clean drawing board. > > Anybody have any neat ideas please!! > > > Thanks, > > Gaz > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=33311&t=33306 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Limit access to serial link to four users [7:33306]
I try not to use the following on my networks, but have also never had it fail to deliver service when there was no other choice. The common streaming of windows media and real have such large client side buffers that you'll find you can seemingly overload the link without having any user observable qualitative difference. Some factors which contribute even more to the success of overloading are the bit rate varies as the encoders don't always output the maximum data rate. The fact that most streams on the public internet are short lived, the standard buffers can cover the end of the stream the user is still viewing leaving capacity for other streams to go through their peak startup period. The traditional stat muxing factors come into play where depending upon the application there is some downcycle in streaming usage in the workflow. You only need a 2.5:1 to get "300"kbps streams through uncongested. Lastly I think you are approaching the wrong problem. Non streaming uses for the same 2Mbps link will be the big enemy of predictably good streaming performance. Your application may even be one of those by downloading other supporting data... Now to more directly approach the problem space you posed: -There is xauth in pixOS and I believe IOS NAT -Couple that with a creative authentication server, or script to control it -The above should get you the max number of sessions through. -Can't recall the reflexive access lists with CAR ball of wax off the top of my head. But there is some per-session rate limiting in cisco. There are various rate limiting equipment out there. Riverstone has good affordable routers for this, Netscreen claims to do it(haven't used them yet), and Packeteer also does this type of thing. There is more but I believe them to be the notables. There are proxy and/or cache products which would address the max number of sessions issue and maybe address the usage pattern you have. Not that I'd recommend this, but if your application and rest of the network path can adequately support forcing the streams over a tcp session you'll probably find it much easier to deal with the rate limiting. But really try to handle it without forcing tcp as any backoffs will hurt the qualitative performance if there are other signficant numbers of tcps over any congested link. Basically that should read that in my experience tcp will backoff quicker than a given streaming protocol and that definately FASTER than common streams. Good Luck, Darrell (always looking for contract work) Newcomb [EMAIL PROTECTED] Gaz wrote: > > Hi all, > > I'm after some ideas if you'd be so kind :-) > > A 2Mb link being used mainly for streaming media has about 15 > potential > users. The task is to limit the number of users at any one time > to four, so > they have half a Mb each (ish). > > My initial idea, which I must admit, I dont think is such a > good one is to > set up a NAT pool of four addresses, and drag the translation > timeout down > to about a minute (yet to be tested), so that the first four > users to pass > traffic will be translated and allowed through, but after that, > they'll have > to wait. > > I'm off to look at something like TACACS to see if I can > control network > authorization by number of users (shot in the dark). > > No equipment in place yet, so we have a clean drawing board. > > Anybody have any neat ideas please!! > > > Thanks, > > Gaz > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=33310&t=33306 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Limit access to serial link to four users [7:33306]
I must admit I've not even touched on streaming media, H323, but apparently it's just RealPlayer 8.5 anyway. Your suggestions have led me to RSVP at the moment, so I have some reading to do. Thanks for idea's. Feel free to keep em coming. I'm off to get some reading done. Cheers, Gaz ""Steven A. Ridder"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Is it H.323 media? Then you could set up a gatekeeper, and limit to 4 > connections. Or, if you know the size of the bandwidth stream, you could > create a PQ in LLQ that will only let enough bw for 4 users, then the rest > wouldn't go through. > > > ""Gaz"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Hi all, > > > > I'm after some ideas if you'd be so kind :-) > > > > A 2Mb link being used mainly for streaming media has about 15 potential > > users. The task is to limit the number of users at any one time to four, > so > > they have half a Mb each (ish). > > > > My initial idea, which I must admit, I dont think is such a good one is to > > set up a NAT pool of four addresses, and drag the translation timeout down > > to about a minute (yet to be tested), so that the first four users to pass > > traffic will be translated and allowed through, but after that, they'll > have > > to wait. > > > > I'm off to look at something like TACACS to see if I can control network > > authorization by number of users (shot in the dark). > > > > No equipment in place yet, so we have a clean drawing board. > > > > Anybody have any neat ideas please!! > > > > > > Thanks, > > > > Gaz Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=33328&t=33306 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Limit access to serial link to four users [7:33306]
If all of my responses get through this will be embarassing. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=33318&t=33306 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Limit access to serial link to four users [7:33306]
Is it H.323 media? Then you could set up a gatekeeper, and limit to 4 connections. Or, if you know the size of the bandwidth stream, you could create a PQ in LLQ that will only let enough bw for 4 users, then the rest wouldn't go through. ""Gaz"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hi all, > > I'm after some ideas if you'd be so kind :-) > > A 2Mb link being used mainly for streaming media has about 15 potential > users. The task is to limit the number of users at any one time to four, so > they have half a Mb each (ish). > > My initial idea, which I must admit, I dont think is such a good one is to > set up a NAT pool of four addresses, and drag the translation timeout down > to about a minute (yet to be tested), so that the first four users to pass > traffic will be translated and allowed through, but after that, they'll have > to wait. > > I'm off to look at something like TACACS to see if I can control network > authorization by number of users (shot in the dark). > > No equipment in place yet, so we have a clean drawing board. > > Anybody have any neat ideas please!! > > > Thanks, > > Gaz Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=33316&t=33306 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]